The biggest threat to search engines are not their competitors, but poisoned search results.
Since the moment when search engines have largely become the starting point for our daily surfing, the risk of landing on a compromised site serving malware has been increasing. Scammers’ link architectures have evolved, and they now include even fake search engines – perfect copies of the real ones, but with all links pointing to compromised sites.
A paper that Google presented yesterday at the Workshop on Large-Scale Exploits and Emergent Threats in San Jose, contains results of the company research of the fake AV phenomenon. Among the things the researchers concentrated on is how their search engine is abused in order to drive the users towards the malware-serving websites set up by fake AV peddlers.
Basically, poisoned search engine results have become a primary vector of infection, and it shouldn’t come as a surprise that Google’s large market share, its breadth and speed of indexing have made it the target of choice.
Analyzing their own recorded Google search results (on an hourly basis) between March 30, 2010, and April 18, 2010, Symantec researchers also revealed some depressing figures:
- “On average at any given hour, 3 out of the top 10 search trends contained at least one malicious URL within the first 70 results
- On average, 15 links out of the first 70 results were malicious for search terms that were found to be poisoned (had at least one malicious URL)
- On average on any given day, 7.3% of links are malicious in the top 70 results for top search terms
- The most poisoned search term resulted in 68% of links leading to malicious pages in the first 70 results
- Almost all of the malicious URLs redirect to a fake anti-virus page.”
The choice of which search term to poison is usually left to an automated system that tracks search trends and hot topics, but which of them will be more successful then others is purely a matter of chance. At this point, it doesn’t even matter anymore, since the whole process is largely automatic and continuous.
Hopefully, Google and the others are working hard on new ways to keep their search results clean. In the meantime, users must continue to be extremely careful when using search engines.